Decoupling Components of an Attack Prevention System Using Publish/Subscribe

  • Joaquín García
  • Michael A. Jaeger
  • Gero Mühl
  • Joan Borrell
Part of the IFIP — The International Federation for Information Processing book series (IFIPAICT, volume 190)


Distributed and coordinated attacks can disrupt electronic commerce applications and cause large revenue losses. The prevention of these attacks is not possible by just considering information from isolated sources of the network. A global view of the whole system is necessary to react against the different actions of such an attack. We are currently working on a decentralized attack prevention framework that is targeted at detecting as well as reacting to these attacks. The cooperation between the different entities of this system has been efficiently solved through the use of a publish/subscribe model. In this paper we first present the advantages and convenience in using this communication paradigm for a general decentralized attack prevention framework. Then, we present the design for our specific approach. Finally, we shortly discuss our implementation based on a freely available publish/subscribe message oriented middleware.


Intrusion Detection Intrusion Detection System XPath Expression Notifi Cation Communication Paradigm 
These keywords were added by machine and not by the authors. This process is experimental and the keywords may be updated as the learning algorithm improves.


  1. [Debar et al., 2005]
    Debar, H., Curry, D., and Feinstein, B. (January 2005). Intrusion detection message exchange format data model and extensible markup language. Technical report.Google Scholar
  2. [García et al., 2004]
    García, J., Autrel, F., Borrell, J., Castillo, S., Cuppens, F., and Navarro, G. (2004). Decentralized publish-subscribe system to prevent coordinated attacks via alert correlation. In Sixth International Conference on Information and Communications Security, volume 3269 of LNCS, pages 223–235, Malaga, Spain. Springer-Verlag.Google Scholar
  3. [Hochberg et al., 1993]
    Hochberg, J., Jackson, K., Stallins, C., McClary, J. F., DuBois, D., and Ford, J. (May 1993). NADIR: An automated system for detecting network intrusion and misuse. In Computer and Security, volume 12(3), pages 235–248.CrossRefGoogle Scholar
  4. [Kruegel, 2002]
    Kruegel, C. (June 2002). Network Alertness-Towards an adaptive, collaborating Intrusion Detection System. PhD thesis, Technical University of Vienna.Google Scholar
  5. [Lippmann et al., 2000]
    Lippmann, R., Haines, J., Fried, D., Korba, J., and Das, K. (2000). The 1999 darpa off-line intrusion detection evaluation. Computer Networks, (34):579–595.CrossRefGoogle Scholar
  6. [Migus, 2004]
    Migus, A. C. (March 2004). IDMEF XML library version 0.7.3. Scholar
  7. [Mühl, 2002]
    Mühl, G. (2002). Large-Scale Content-Based Publish-Subscribe Systems. PhD thesis, Technical University of Darmstadt.Google Scholar
  8. [Ruff, 2000]
    Ruff, M. (2000). XmlBlaster: open source message oriented middleware. Scholar
  9. [Snapp et al., 1991]
    Snapp, S. R., Brentano, J., Dias, G. V., Goan, T. L., Heberlein, L. T., Ho, C, K. N. Levitt, Mukherjee, B., Smaha, S. E., Grance, T., Teal, D. M., and Mansur, D. (October, 1991). DIDS (distributed intrusion detection system)-motivation, architecture and an early prototype. In Proceedings 14th National Security Conference, pages 167–176.Google Scholar
  10. [Staniford-Chen et al., 1996]
    Staniford-Chen, S., Cheung, S., Crawford, R., Dilger, M., Frank, J., Levitt, J. Hoagland K., Wee, C., Yip, R., and Zerkle, D. (1996). GrIDS — a graph-based intrusion detection system for large networks. In Proceedings of the 19th National Information Systems Security Conference.Google Scholar
  11. [Vigna and Kemmerer, 1999]
    Vigna, G. and Kemmerer, R. A. (1999). NetSTAT: A network-based intrusion detection system. Journal of Computer Security, 7(1):37–71.Google Scholar
  12. [White et al., 1999]
    White, G. B., Fisch, E. A., and Pooch, U. W. (February 1999). Cooperating security managers: A peer-based intrusion detection system. IEEE Network, 7:20–23.Google Scholar

Copyright information

© International Federation for Information Processing 2005

Authors and Affiliations

  • Joaquín García
    • 1
  • Michael A. Jaeger
    • 2
  • Gero Mühl
    • 2
  • Joan Borrell
    • 1
  1. 1.Dept. of Information and Communications EngineeringAutonomous University of BarcelonaBellaterraSpain
  2. 2.Institute for Telecommunication Systems, Communication and Operating Systems GroupTechnical University of BerlinBerlinGermany

Personalised recommendations